UK’s NCSC Finds Ransomware And Phishing Amongst The Biggest Threats To The Charity Sector

The latest report from the UK’s NCSC has found that phishing and ransomware are amongst the biggest threats to the charity sector:

The report, published by the NCSC in association with the Charity Commission for England and Wales, explains why charities might be targeted and the challenges they face when compared to business and government organisations. For example, charities are more likely to rely on staff using their own IT (also known as Bring your own Device or BYOD), and these are harder to secure than devices that are owned (and managed) by the organisation itself.

It includes case studies from the sector to bring the report to life, as well as key statistics from the DCMS’s Cyber Security Breaches Survey. Crucially, it also directs readers to a range of online resources, so you can put in place the necessary measures to protect your charity and donors. These resources include the new Funded Cyber Essentials Programme, which offers eligible charities free support to put protections in place.

Given the times we currently live in, where the most vulnerable need help from charities, this is not good news.

Dr. Darren Williams, CEO and Founder of BlackFog, had this to say:

Phishing and more specifically spear phishing is the tool of choice for most cyber gangs in order to breach an organization and launch a ransomware attack. As we have seen from this year’s annual statistics, ransomware continues to break new records each month, with 2022 ending with a record number of attacks and an overall 29% increase over 2021. We continue to see specific sectors such as education and government become the most targeted, with charities falling into the same category as they are seen as low-hanging fruit without adequate resources for protection, both in terms of skilled cyber professionals as well as cybersecurity technology. Since the goal of any attack is to breach an organization and steal valuable information, charities pose a very high risk as they are gatekeepers to many high-net-worth individuals’ details which can then be leveraged for extortion. This is similar to the way such individuals were targeted in an attack on Daylesford in the UK last year, where high-net-worth individuals’ details were leaked online. Like any organization, charities need to look carefully at how they are protecting their data and what they are doing in terms of anti-data exfiltration generally.

Hopefully this spurs the charity sector to do what it can to make itself less of a target. And hopefully the U.K. government pitches in, because charities truly can’t do this alone.
